<?php
session_start();
require_once("_connect.php");
if(count($_POST)>0)
{
	$username = $_POST["RACCOUNT_ID"];
	$password = $_POST["ACCOUNT_PASSWORD"];
	
	$sql = "SELECT * FROM users WHERE 
			ACCOUNT_ID ='".strtoupper($username)."'  
		AND ACCOUNT_PASSWORD = '".$password."' 
		AND ACCOUNT_STATUS = 'Active'";
		//echo $sql;
	$raw = mysql_query($sql, $conn);
	$row = mysql_fetch_array($raw, MYSQL_ASSOC);
	if (is_array($row))
	{
		$_SESSION["LOGON"] = TRUE;
		$_SESSION["NAME"] = $row["RACCOUNT_NAME"];
		$_SESSION["RACCOUNT_ID"] = strtoupper($username);
		$_SESSION["ROLE"] = $row["ROLE"];
	}
	else
	{
		$error_message = "Invalid Username or password! Please try again.";		
	}
}

if(isset($_SESSION["LOGON"])) {
	header("Location:quickorder.php");
}
else
{
	header("Location:login.php?errMsg=".$error_message);
}
?>